If you have multiple groups and/or resources that you manage together or you have a need to share data between teams, the IDM team can create a defined role for your convenience.

What is a Defined Role?

Defined roles in IDM are just that, roles that are defined by an IDM user and set up by an IDM admin. Defined roles are a powerful mechanism that makes it easy to enable access to the proper LC hosts and groups based on the user's project. When a new person is added to a project, they only need to be added to the associated defined role, which would then automatically grant the user all of the needed host and group permissions.  

Requesting a Defined Role

An LC Coordinator can request the creation of a new defined role by sending a request to the LC IDM team at lc-idm-admin@llnl.gov. The information needed for a request includes:

  • The name of the role
  • Which networks the role is needed in (OCF, SCF, SNSI)
  • The LC groups and LC hosts which should be managed together (i.e., the access being granted by membership in the role)
  • The ouns of the people who can approve membership changes for this role
  • Required membership traits (e.g., US citizen, Q-Clearance)

Adding or Removing Members of a Defined Role

See IDM—Add or Remove Role Members to manage role membership.